The GDPR is a regulation passed by the EU to protect the privacy of its citizens. It requires organizations that process the personal data of EU citizens to be very transparent with the methods of data collection, and to take measures to secure the data. It applies to organizations inside and outside the EU.